Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD0792E7A7-8E37-11D8-90D1-0020ED76EF5A
HistoryApr 14, 2004 - 12:00 a.m.

CVS path validation errors

2004-04-1400:00:00
vuxml.freebsd.org
15

0.011 Low

EPSS

Percentile

84.3%

JSON

Two programming errors were discovered in which path names
handled by CVS were not properly validated. In one case,
the CVS client accepts absolute path names from the server
when determining which files to update. In another case,
the CVS server accepts relative path names from the client
when determining which files to transmit, including those
containing references to parent directories (`…/').
These programming errors generally only have a security
impact when dealing with remote CVS repositories.
A malicious CVS server may cause a CVS client to overwrite
arbitrary files on the client’s system.
A CVS client may request RCS files from a remote system
other than those in the repository specified by $CVSROOT.
These RCS files need not be part of any CVS repository
themselves.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchcvs+ipv6<= 1.11.5_1UNKNOWN
FreeBSDanynoarchfreebsd= 5.2UNKNOWN
FreeBSDanynoarchfreebsd< 5.2.1_5UNKNOWN

Related

osv 1
slackware 1
cvelist 2
cve 2
openvas 10
debiancve 2
nessus 8
ubuntucve 2
gentoo 1
redhat 1
debian 1
freebsd_advisory 1
altlinux 1
suse 1
osv
osv
cvs - several vulnerabilities
2004-04-16 00:00:00
slackware
slackware
cvs security update
2004-04-18 16:40:41
cvelist
cvelist
CVE-2004-0405
2004-04-17 04:00:00
CVE-2004-0180
2004-04-16 04:00:00
cve
cve
CVE-2004-0405
2004-06-01 04:00:00
CVE-2004-0180
2004-06-01 04:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200404-13 (cvs)
2008-09-24 00:00:00
FreeBSD Ports: cvs+ipv6
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200404-13 (cvs)
2008-09-24 00:00:00
debiancve
debiancve
CVE-2004-0180
2004-06-01 04:00:00
CVE-2004-0405
2004-06-01 04:00:00
nessus
nessus
Debian DSA-486-1 : cvs - several vulnerabilities
2004-09-29 00:00:00
RHEL 2.1 / 3 : cvs (RHSA-2004:153)
2004-07-06 00:00:00
FreeBSD : CVS path validation errors (0792e7a7-8e37-11d8-90d1-0020ed76ef5a)
2009-04-23 00:00:00
ubuntucve
ubuntucve
CVE-2004-0405
2004-06-01 00:00:00
CVE-2004-0180
2004-06-01 00:00:00
gentoo
gentoo
CVS Server and Client Vulnerabilities
2004-04-14 00:00:00
redhat
redhat
(RHSA-2004:153) cvs security update
2004-04-14 00:00:00
debian
debian
[SECURITY] [DSA 486-1] New cvs packages fix multiple vulnerabilities
2004-04-16 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-04:07.cvs
2004-04-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package cvs version 1.11.14-alt2
2004-04-07 00:00:00
suse
suse
remote code execution in cvs
2004-04-14 15:54:44

0.011 Low

EPSS

Percentile

84.3%

JSON
Related for 0792E7A7-8E37-11D8-90D1-0020ED76EF5A
osv1slackware1cvelist2cve2openvas10debiancve2nessus8ubuntucve2gentoo1redhat1debian1freebsd_advisory1altlinux1suse1